Releases: dependabot/dependabot-core
Releases · dependabot/dependabot-core
v0.324.1
What's Changed
- Streamlines codespell rules in one place by @sachin-sandhu in #12754
- Track local dependencies from uv tool sources by @Sly1029 in #12589
- Fixes engine parsing issues for PNPM and YARN by @sachin-sandhu in #12750
- Removing nuget from omnibus by @thavaahariharangit in #12752
- v0.324.1 by @dependabot-core-action-automation[bot] in #12757
New Contributors
Full Changelog: v0.324.0...v0.324.1
Contributors
Sly1029, thavaahariharangit, and sachin-sandhu
Assets 2
v0.324.0
What's Changed
- To Implement Cooldown feature for Helm ecosystem by @randhircs in #12520
- Bump nokogiri from 1.18.8 to 1.18.9 in /updater by @dependabot[bot] in #12680
- Target latest Python versions by @wktk in #12566
- Bump brace-expansion from 1.1.11 to 1.1.12 in /npm_and_yarn/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in #12441
- Bump the dev-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #12527
- implement package update cooldown feature for nuget by @brettfo in #12709
- always honor global.json sdk version by @brettfo in #12692
- Fix broken bundler updates from sources other than RubyGems or other gem repositories by @Tabby in #12698
- Remove enable_cooldown_for_bundler feature flag check by @markhallen in #12664
- use
doheadmethod to fetch blob metadata for Docker tags by @robaiken in #12712 - Enabled check to add feature flag, added specific exception and remov… by @randhircs in #12713
- honor cooldown values in group updates by @brettfo in #12716
- Bump gpgme from 2.0.23 to 2.0.25 by @JamieMagee in #12718
- Removed Feature Flag and Added check for the user if not willing to opt cooldown in scan. by @randhircs in #12739
- trim .git suffix from source url by @brettfo in #12737
- delete old updater code by @brettfo in #12714
- Adding support for dependency-groups (PEP 735) in pyproject.toml by @SMoraisAnsys in #12580
- Remove obsolete nuget volume mounts from docker-dev-shell by @kbukum1 in #12748
- Parse PEP 735 dependency groups in uv by @phillipuniverse in #12720
- Fix Sorbet Runtime Error due to Nil return value in Composer ecosystem by @AbhishekBhaskar in #12743
- Removing helm and oras login command by @robaiken in #12746
- v0.324.0 by @dependabot-core-action-automation[bot] in #12749
New Contributors
- @wktk made their first contribution in #12566
- @Tabby made their first contribution in #12698
- @SMoraisAnsys made their first contribution in #12580
Full Changelog: v0.323.0...v0.324.0
Contributors
markhallen, phillipuniverse, and 10 other contributors
Assets 2
v0.322.2
What's Changed
- Improves PHP_CS_FIXER compatibility with PHP8.4 by @sachin-sandhu in #12699
- Ruby 3.4.5 by @JamieMagee in #12679
- fix: Comment out vcpkg and rust_toolchain deps in omnibus to resolve version conflicts by @kbukum1 in #12701
- v0.322.2 by @dependabot-core-action-automation[bot] in #12703
Full Changelog: v0.322.1...v0.322.2
Contributors
JamieMagee, sachin-sandhu, and kbukum1
Assets 2
v0.322.1
What's Changed
- fix integration test timeouts by @jakecoffman in #12673
- Complete checkout of vcpkg repository by @JamieMagee in #12659
- retain xml declaration if present by @brettfo in #12675
- Pin dependency plugin version when running dependency tree in Maven by @ByAgenT in #12658
- Upgrade uv to the latest 0.8.0 by @phillipuniverse in #12674
- generate detailed pr body by @brettfo in #12661
- Composer v1 deprecation clean up by @sachin-sandhu in #12641
- Bump the all-actions group across 1 directory with 3 updates by @dependabot[bot] in #12485
- remove experiment
nuget_use_new_file_updaterand make this behavior the default by @brettfo in #12676 - Don't have a fallback on
"master"as default by @jeffwidman in #12655 - scrub github name and issue mentions by @brettfo in #12685
- remove legacy dependency solver by @brettfo in #12687
- remove old update handler by @brettfo in #12688
- Bump the dev-dependencies group across 1 directory with 2 updates by @dependabot[bot] in #12667
- always use direct dependency discovery by @brettfo in #12689
- Add back cooldown filtering and fix method delegation for npm, yarn, pnpm, and bun package managers by @kbukum1 in #12690
- Fix cooldown filtering for latest distribution tags in npm/yarn and bun by @kbukum1 in #12691
- Fix silent package manager network requests causing test timeouts by @kbukum1 in #12693
- Fix rust_toolchain and vcpkg dependency versions in omnibus build by @kbukum1 in #12660
- v0.322.1 by @dependabot-core-action-automation[bot] in #12694
Full Changelog: v0.322.0...v0.322.1
Contributors
jeffwidman, phillipuniverse, and 7 other contributors
Assets 2
v0.322.0
What's Changed
- cleanup nuget pr body text by @brettfo in #12627
- Remove cooldown feature flag for
vcpkgandrust_toolchainby @JamieMagee in #12631 - Downgrade pip to 24.2 due to issue in >25 by @sachin-sandhu in #12634
- fix: update the file extensions that indicate and archive for http url module sources by @bcpeinhardt in #12610
- Remove deprecated cooldown feature flag for JavaScript ecosystems: npm_and_yarn, bun by @kbukum1 in #12582
- use initial project directory when computing updated file paths from project discovery by @brettfo in #12635
- Update labels for
dotnet-sdk,rust-toolchain, andvcpkgby @JamieMagee in #12637 - Install
vcpkgcli invcpkgecosystem container image by @JamieMagee in #12636 - Skip sigstore attestions if publishing the RubyGems manually by @jeffwidman in #12639
- Remove the fallback
"master"hardcoded branch name from the npmFileParserby @jeffwidman in #7131 - Use common variable for PHP version by @sachin-sandhu in #12642
- ensure project is supported file by @brettfo in #12644
- Don't let unsupported sdk version in
global.jsonfail an update job by @brettfo in #12638 - reset smoke test branch to main by @brettfo in #12646
- Bump DiffPlex and 21 others by @dependabot[bot] in #12622
- refactor method by @brettfo in #12649
- Bump dotnet-sdk from 9.0.203 to 9.0.302 in /nuget/helpers/lib/NuGetUpdater by @dependabot[bot] in #12620
- Bump nuget/helpers/lib/NuGet.Client from
42bfb45to2948e02by @dependabot[bot] in #12618 - check output for timeouts by @brettfo in #12650
- Bump golang.org/x/mod from 0.19.0 to 0.26.0 in /go_modules/helpers by @dependabot[bot] in #12617
- classify additional error shapes by @brettfo in #12652
- Bump System.CommandLine, xunit.runner.visualstudio and xunit.v3 by @dependabot[bot] in #12651
- v0.322.0 by @dependabot-core-action-automation[bot] in #12654
- Disable ecosystems from rakefile to fix gem release by @AbhishekBhaskar in #12656
New Contributors
- @bcpeinhardt made their first contribution in #12610
Full Changelog: v0.321.3...v0.322.0
Contributors
jeffwidman, brettfo, and 6 other contributors
Assets 2
v0.321.3
v0.321.3 (#12630) Release notes: https://github.com/dependabot/dependabot-core/releases/tag/v0.321.3 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
v0.321.2
v0.321.2 (#12629) Release notes: https://github.com/dependabot/dependabot-core/releases/tag/v0.321.2 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
v0.321.1
What's Changed
- Remove composer feature flag by @AbhishekBhaskar in #12602
- Add rust_toolchain and vcpkg gemspecs to the GEMSPECS list by @markhallen in #12607
- v0.321.1 by @dependabot-core-action-automation[bot] in #12608
Full Changelog: v0.321.0...v0.321.1
Contributors
markhallen and AbhishekBhaskar
Assets 2
v0.321.0
What's Changed
- Composer : Deprecates composer V1 code by @sachin-sandhu in #12593
- Remove deprecated cooldown feature flag for Python ecosystems: python, uv by @kbukum1 in #12597
- Upgrades Yarn to latest version 4.9.2 by @sachin-sandhu in #12599
- v0.321.0 by @dependabot-core-action-automation in #12603
Full Changelog: v0.320.1...v0.321.0
Contributors
sachin-sandhu and kbukum1
Assets 2
v0.320.1
What's Changed
- Bump library/rust from 1.85.0-bookworm to 1.88.0-bookworm in /cargo by @dependabot in #12528
- Add more Sorbet types by @ryanbrandenburg in #12490
- Fix Maven Regex that detects
pom.xmlindentation. by @ByAgenT in #12552 - log all errors to the console before sending upstream by @brettfo in #12550
- Add Sorbet type annotations to Cargo::FileUpdater::LockfileUpdater by @uuushiro in #12523
- Bump
google-protobuffrom4.28.2to4.31.1to fix GCC 15 incompatibility by @JamieMagee in #12561 - Add dependabot-vcpkg to root
Gemfileby @JamieMagee in #12560 - Handle UTF-8 BOM in
dotnet-sdkecosystem by @JamieMagee in #12571 - FF for cooldown clean up from swift and terraform. by @randhircs in #12572
- Remove
T.mustcheck fromdetails_for_library_dependencyby @JamieMagee in #12562 - Cooldown feature flag removal by @sachin-sandhu in #12577
- fix: Cargo version constraint error by accepting partial updates by @uuushiro in #12487
- Emit record_update_job_error on grouped security updates by @sebasgomez238 in #12387
- Fix npm version detection logic for improved accuracy and compatibility by @kbukum1 in #12583
- Add missing checksum for commonmarker arm64-darwin platform by @kbukum1 in #12584
- Fix gems-bump-version workflow by removing sorbet-runtime by @markhallen in #12590
- v0.320.1 by @dependabot-core-action-automation in #12591
New Contributors
Full Changelog: v0.320.0...v0.320.1
Contributors
markhallen, brettfo, and 9 other contributors